Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bb8ae9c6b46166af1f82a7b6ea48c8e368b08cf7c
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /se/auth
GET /se/auth/confirm-device/resend-code
GET /se/auth/logout
GET /se/auth/refresh
GET /se/code-secret/recovery/resend-code
GET /se/code-secret/recovery/{username}
GET /se/infos
GET /se/notifications
GET /se/notifications/unread
GET /se/parameter/{name}
GET /se/pictures/links
GET /se/pictures/principal
GET /se/pictures/{id}
GET /se/wallet/gains
GET /se/wallet/solde
GET /se/wallet/transactions
POST /se/auth/check-username
POST /se/auth/login
POST /se/notifications/{token}
POST /se/pictures
POST /se/push-token/save
POST /se/wallet/cashout
POST /se/wallet/encash
PUT /se/add/email
PUT /se/add/email/confirmation
PUT /se/auth/confirm-device
PUT /se/code-secret/recovery
PUT /se/code-secret/recovery/confirmation
PUT /se/code-secret/update
PUT /se/notifications/mark-as-seen/{id}
PUT /se/pwd-must-change/update
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bb8ae9c6b46166af1f82a7b6ea48c8e36f70c5f92
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /se/auth
GET /se/auth/confirm-device/resend-code
GET /se/auth/logout
GET /se/auth/refresh
GET /se/code-secret/recovery/resend-code
GET /se/code-secret/recovery/{username}
GET /se/infos
GET /se/notifications
GET /se/notifications/unread
GET /se/parameter/{name}
GET /se/pictures/links
GET /se/pictures/principal
GET /se/pictures/{id}
GET /se/wallet/gains
GET /se/wallet/solde
GET /se/wallet/transactions
POST /se/auth/check-username
POST /se/auth/login
POST /se/notifications/{token}
POST /se/pictures
POST /se/push-token/save
POST /se/wallet/cashout
PUT /se/add/email
PUT /se/add/email/confirmation
PUT /se/auth/confirm-device
PUT /se/code-secret/recovery
PUT /se/code-secret/recovery/confirmation
PUT /se/code-secret/update
PUT /se/notifications/mark-as-seen/{id}
PUT /se/pwd-must-change/update
Open service 35.71.179.82:443 · api.se.wellywork.com
2026-01-09 21:21
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en
Content-Length: 722
Content-Type: text/html;charset=utf-8
Date: Fri, 09 Jan 2026 21:21:23 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=KbVwyFe%2FiULRaq%2FVePi%2BTDWygt8OmQs7rWzzdr0Os0c%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767993683"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=KbVwyFe%2FiULRaq%2FVePi%2BTDWygt8OmQs7rWzzdr0Os0c%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767993683"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Page title: HTTP Status 401 – Unauthorized
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Access Denied</p><p><b>Description</b> The request has not been applied to the target resource because it lacks valid authentication credentials for that resource.</p><hr class="line" /><h3>Apache Tomcat/10.1.17</h3></body></html>
Open service 75.2.60.68:80 · api.se.wellywork.com
2026-01-09 15:57
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en
Content-Length: 722
Content-Type: text/html;charset=utf-8
Date: Fri, 09 Jan 2026 15:58:10 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=g71hEJIybXhuqvWoQ58FHsNjaIQpjZP5fqivRtZ8Is8%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767974290"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=g71hEJIybXhuqvWoQ58FHsNjaIQpjZP5fqivRtZ8Is8%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767974290"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Page title: HTTP Status 401 – Unauthorized
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Access Denied</p><p><b>Description</b> The request has not been applied to the target resource because it lacks valid authentication credentials for that resource.</p><hr class="line" /><h3>Apache Tomcat/10.1.17</h3></body></html>
Open service 75.2.60.68:80 · api.se.wellywork.com
2026-01-02 22:29
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en
Content-Length: 722
Content-Type: text/html;charset=utf-8
Date: Fri, 02 Jan 2026 22:29:38 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=uMZYkoN94bTdeOQ8hYkw%2FXXwmJHcdEsx3vxK7g3lJq4%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767392978"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=uMZYkoN94bTdeOQ8hYkw%2FXXwmJHcdEsx3vxK7g3lJq4%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767392978"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Page title: HTTP Status 401 – Unauthorized
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Access Denied</p><p><b>Description</b> The request has not been applied to the target resource because it lacks valid authentication credentials for that resource.</p><hr class="line" /><h3>Apache Tomcat/10.1.17</h3></body></html>
Open service 35.71.179.82:443 · api.se.wellywork.com
2026-01-02 13:49
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en
Content-Length: 722
Content-Type: text/html;charset=utf-8
Date: Fri, 02 Jan 2026 13:49:25 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=OywL7zRPxwt1NNPYzRl7jo5hWNfa%2FAHAvlHSTcKASb0%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767361766"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=OywL7zRPxwt1NNPYzRl7jo5hWNfa%2FAHAvlHSTcKASb0%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767361766"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Page title: HTTP Status 401 – Unauthorized
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Access Denied</p><p><b>Description</b> The request has not been applied to the target resource because it lacks valid authentication credentials for that resource.</p><hr class="line" /><h3>Apache Tomcat/10.1.17</h3></body></html>
Open service 35.71.179.82:443 · api.se.wellywork.com
2025-12-22 19:44
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en
Content-Length: 722
Content-Type: text/html;charset=utf-8
Date: Mon, 22 Dec 2025 19:44:55 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=%2Fi%2FA5D%2FK03BnfTOKQQplHOAfH%2FQC1pK992%2BGJWLBzKo%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766432695"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=%2Fi%2FA5D%2FK03BnfTOKQQplHOAfH%2FQC1pK992%2BGJWLBzKo%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766432695"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Page title: HTTP Status 401 – Unauthorized
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Access Denied</p><p><b>Description</b> The request has not been applied to the target resource because it lacks valid authentication credentials for that resource.</p><hr class="line" /><h3>Apache Tomcat/10.1.17</h3></body></html>
Open service 75.2.60.68:80 · api.se.wellywork.com
2025-12-22 12:07
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en
Content-Length: 722
Content-Type: text/html;charset=utf-8
Date: Mon, 22 Dec 2025 12:07:56 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=%2BS5ClmKi%2F%2B3hNZHEHZHPdNDOLyhLUiPHrTQmmKfBmBI%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766405277"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=%2BS5ClmKi%2F%2B3hNZHEHZHPdNDOLyhLUiPHrTQmmKfBmBI%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766405277"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Page title: HTTP Status 401 – Unauthorized
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Access Denied</p><p><b>Description</b> The request has not been applied to the target resource because it lacks valid authentication credentials for that resource.</p><hr class="line" /><h3>Apache Tomcat/10.1.17</h3></body></html>
Open service 35.71.179.82:443 · api.se.wellywork.com
2025-12-20 19:43
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en
Content-Length: 722
Content-Type: text/html;charset=utf-8
Date: Sat, 20 Dec 2025 19:43:48 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=pPcm6oHR%2FIIaL7wJDYBI4oEL%2BIBccsSGJq1B%2FYxkkuM%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766259828"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=pPcm6oHR%2FIIaL7wJDYBI4oEL%2BIBccsSGJq1B%2FYxkkuM%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766259828"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Page title: HTTP Status 401 – Unauthorized
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Access Denied</p><p><b>Description</b> The request has not been applied to the target resource because it lacks valid authentication credentials for that resource.</p><hr class="line" /><h3>Apache Tomcat/10.1.17</h3></body></html>
Open service 75.2.60.68:80 · api.se.wellywork.com
2025-12-20 11:44
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en
Content-Length: 722
Content-Type: text/html;charset=utf-8
Date: Sat, 20 Dec 2025 11:44:19 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=%2F%2B%2BQ9IIx1DNdtQj0%2FMzNv8a8Q8sA4kScVZjax6ogEVM%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766231059"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=%2F%2B%2BQ9IIx1DNdtQj0%2FMzNv8a8Q8sA4kScVZjax6ogEVM%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766231059"
Server: Heroku
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Page title: HTTP Status 401 – Unauthorized
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Access Denied</p><p><b>Description</b> The request has not been applied to the target resource because it lacks valid authentication credentials for that resource.</p><hr class="line" /><h3>Apache Tomcat/10.1.17</h3></body></html>